From 294ac7e998af557db7f65f1e796a654b6428ec51 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Fri, 24 Jan 2020 00:20:51 +0100
Subject: port tootsuite/#12930 to monsterfork: Fix OEmbed leaking information
 about existence of non-public statuses

---
 app/controllers/statuses_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/controllers/statuses_controller.rb')

diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
index 00db6c169..87fdf222e 100644
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -47,7 +47,7 @@ class StatusesController < ApplicationController
   end
 
   def embed
-    raise ActiveRecord::RecordNotFound unless @status.distributable?
+    return not_found unless @status.distributable?
 
     expires_in 180, public: true
     response.headers['X-Frame-Options'] = 'ALLOWALL'
@@ -75,7 +75,7 @@ class StatusesController < ApplicationController
       authorize @status, :show?
     end
   rescue Mastodon::NotPermittedError
-    raise ActiveRecord::RecordNotFound
+    not_found
   end
 
   def handle_sharekey_change
-- 
cgit